What I Suggested To Valve "LINUX"!!!

[Kschreck]

I suggested to Valve to run Linux when working with the Source material. The denial of service is a Windows only attack. Linux can not and will not ever be attacked. I will try to explain one reason why it can not be attacked. The files on a Linux computer are owned by the user. Which means even you can not acces them unless you give yourself permission. If someone tried to steal files from your computer first off it would not let them due to the very powerful system, secondly it would ask for the users Password. The hacker can not get the password because it goes through around 8 levels of encryptions. I said you should have atlease 1 Linux computer to manage the source files. Comple the Source on a system with no internet and thats only attached to the Linux computer. Then put the Source onto the Linux computer to store it. the Linux computer can have Internet. I suggested using Gentoo linux. I believe that would help them out a lot. It would deffinetly guarenteed them that they will not be attacked.

 

[Gordon'sFreeman]

Why not have just win XP with no internet :| same shit.
it is pretty silly having a game being made on a computer with internet

 

[Magicpants]

Linux can get DOS attacks and has security flaws just as Windows does, it is merely attacked less because less people use it.

"someone tried to steal files from your computer first off it would not let them due to the very powerful system, secondly it would ask for the users Password."

This bit just made me laugh

"It would deffinetly guarenteed them that they will not be attacked."
Err... Yeh.

So are you just pawing your keyboard or do you have fingers?

 

[Dr-X]

ok ,first you're wrong and you're a dumbass. secondly, so what this is hindsight. you're REALLY NOT helping assface, with this 'they should have listened to me' crap. go sit back in your hole.

 

[Magicpants]

Yah. I kinda like the way you put that Dr-X, to the point

 

[pblse]

Kschreck, you have some serious reading to do if you belive what you said.

Only reason Windows and MS software is targeted is that is the most widely spread, there have been numerous security hole sin open source software.

Just recently there was the OpenSSL bug which affects all the open source webbrowsers and could lead to code execution by visiting a website in worst case scenario.

And the user thing, sigh, do you know anything ? You can run as a restricted user on Windows as well, just that no one bothers with it.

 

[derby]

Originally posted by Dr-X
ok ,first you're wrong and you're a dumbass.

Speaking of people who are wrong, Dr-X, I remember your posts form last night along the lines of 'Oh my God you people are soooo gullible and stupid there's no way that source code is real'....

Hey, Pot, you're black!

No-one who is serious about computer would argue the fact that Linux is more secure than Windows, but it isn't perfect there have been exploits in the past but very very few of them compared to the colourful history of windows hacking. But seriously they should never have sensitive information on a computer that is connected to the internet.

 

[pblse]

And, finally, I don't belive Valve's explanation, and note that he said it was speculation.

First, the hole he talkes about was patched 2001, secondly there is no excuse not to run a firewall, a software like remoteanywhere needs connections IN to the computer and apparently it must have been completely without firewall.

 

[MrD]

Interestingly, Linux is open source ... so something that people have the source for is not necessarilly any less secure ... ?

 

[Dr-X]

derby, yes i was wrong and i feel like an ass.

But seriously they should never have sensitive information on a computer that is connected to the internet.

if you'd worked in an up to date, modern workplace, you'd realise why this statement is simply not viable. Everyone uses to internet to access their sensitive information, it's commonplace. Features like VPN allow you to access stuff anywhere, realtime, etc. There are many excellent reasons to have your information on the internet.

But can we please stay away from hindsight, because at the moment, it really isnt helping at all.

 

[MrD]

Originally posted by pblse
First, the hole he talkes about was patched 2001, secondly there is no excuse not to run a firewall, a software like remoteanywhere needs connections IN to the computer and apparently it must have been completely without firewall.

The machine may have been configured to allow employees to hook up from the internet ?

 

[Gorgon]

Nah man, I want the game on window not linux. this is my reply.

 

[pblse]

No-one who is serious about computer would argue the fact that Linux is more secure than Windows

Most people that work with computer and don't belive in religion wars realise no system is secure if you don't know what you are doing.
Like I said, there have been numerous security holes in open source software but few exploits becuase 1.) these people wants the most spread and that means targeting software peopel actually use 2.) most trojans/viruses come from the open source fanatics.

 

[Magicpants]

"Y'see, now i suggested to Valve that they don't use computers and design the Source engine out of clay, but did they listen? Nooooo!"

 

[karx11erx]

Originally posted by Kschreck
I suggested to Valve to run Linux when working with the Source material. The denial of service is a Windows only attack. Linux can not and will not ever be attacked. I will try to explain one reason why it can not be attacked. The files on a Linux computer are owned by the user. Which means even you can not acces them unless you give yourself permission. If someone tried to steal files from your computer first off it would not let them due to the very powerful system, secondly it would ask for the users Password. The hacker can not get the password because it goes through around 8 levels of encryptions. I said you should have atlease 1 Linux computer to manage the source files. Comple the Source on a system with no internet and thats only attached to the Linux computer. Then put the Source onto the Linux computer to store it. the Linux computer can have Internet. I suggested using Gentoo linux. I believe that would help them out a lot. It would deffinetly guarenteed them that they will not be attacked.

Every computer system can be hacked. Every one.

I wonder however how in a security sensitive environment like Valve's development network people still use the outlook preview pane, when it is known for months and years that it is unsafe - or why they use MS Explorer and Outlook at all, when all the world knows how many leaks they (still) have.

Everybody knows there's a lot of criminal punks out there who will unevitably try to hack someone like Valve.

Personally I have switched to Mozilla Firebird, and there's a lot of other non MS software available to make even a Windows system safer.

I also wonder how the hacker could get past all network security a company like Valve is supposed to have and stay unnoticed for so long. A keylogger has to send it's data somewhere, and as soon as an intrusion has been detected all alarm bells should go off on the network admin's side. Imo "paranoia" would be just the proper attitude for a companie's like Valve network admin.

Maybe Valve has a "mole"?

Anyway, the thief is a criminal and is to be persecuted, tried and put into jail for not too short a time.

 

[pblse]

No-one who is serious about computer would argue the fact that Linux is more secure than Windows

Sorry, forgot to quote that line in my last post, it sort of took the edge out of the reply

 

[Dr-X]

"Y'see, now i suggested to Valve that they don't use computers and design the Source engine out of clay, but did they listen? Nooooo!"

LMAO! well done

 

[derby]

Originally posted by Dr-X
...if you'd worked in an up to date, modern workplace, you'd realise why this statement is simply not viable. Everyone uses to internet to access their sensitive information, it's commonplace. Features like VPN allow you to access stuff anywhere, realtime, etc. There are many excellent reasons to have your information on the internet....

True, it's easy to say things with hindsight, but I stick by my earlier comment, the Ministry of Defence (in the UK) hold all of thier sensitive information on PCs that are not connected to the internet. They have an 'air gap' of several meters between any PC on the internet and any PC with sensitive information. It's the only way to make the information secure. Using a secure OS is a start, if you must have the PCs on the net, but you can't beat an air gap for being totally inpervious to hackers.

 

[MrD]

Re: Re: What I Suggested To Valve "LINUX"!!!

Originally posted by karx11erx
Every computer system can be hacked. Every one.

huh?

 

[Netherscourge]

I hate it when people say Linux and MacOS never get hacked or viruses - Why? Is it for better code or security? No...

It's because hackers have no interest in hacking Operating Systems that no one uses! If the overwhelming majority of people in the world are running Windows OS, guess where the hackers set their targets?

I GUARANTEE if Linux and/or MacOS was as popular as Windows, they would get butchered too - perhaps even worse, because atleast Microsoft has alot of experience now trying to fight off hackers and close security leaks.

 

[Magicpants]

Hmm. I work for the Ministry myself, and although what you say is not strictly true - it's the basic gist. To be honest here though i think what we're all saying is that someone has very likely just disregarded common sense and left a security hole.

 

[Nuclear_Gerber]

It was wrong of Valve to put the source on a computer with internet access, I believe they learned their lesson...the hard way :/

 

[MrD]

In order to "hack" something you must either :

a) exploit a weekness/bug in the software
b) exploit real software features (ie. by getting hold of someone's password and using FTP in the normal way, or logging into a machine with no password etc)

or both.

If a computer system has neither (a) or (b) then it cannot be hacked. I doubt very much that linux falls into that category.

 

[Dr-X]

ok, MrD, you definately dont know as much as you're trying to make people believe. Sit down, shut up.

 

[MrD]

Originally posted by Dr-X
ok, MrD, you definately dont know as much as you're trying to make people believe. Sit down, shut up.

please explain ... ?

 

[Magicpants]

G0rgon... you're kind of missing the point m8. The game is only coming out for Windows, we're talking about how the development files are/were hosted at Valve.... I'm going easy on you though because i realise that English is not your first language

Originally posted by G0rgon
Nah man, I want the game on window not linux. this is my reply.

 

[Netherscourge]

Originally posted by Dr-X
ok, MrD, you definately dont know as much as you're trying to make people believe. Sit down, shut up.

He makes pefect sense to me and his point is credible. It's not the OS that's the problem, it the lack of common sense.

To turn this situation into a Linux commercial is a complete joke. Matter of fact, I hope Tux drowns today.

(no offense to all Penguins, just Tux)

 

[Dr-X]

MrD, you're simply being ignorant and naive to believe that linux is unhackable. it has been done, it's not as difficult as linux boffin will have you believe.

 

[MrD]

Originally posted by Dr-X
ok, MrD, you definately dont know as much as you're trying to make people believe. Sit down, shut up.

Example: I stick some software on an open port that only responds to the commands "ADD" and "SUBTRACT". And I invite you to hack it ...?

No, didn't think so. So how about you shut up.

 

[Netherscourge]

Computers with highly sensitive information should not have ANY communication ports on them - PERIOD.

 

[MrD]

Originally posted by Dr-X
MrD, you're simply being ignorant and naive to believe that linux is unhackable. it has been done, it's not as difficult as linux boffin will have you believe.

ROFL!!!!

Try actually reading my post, and understanding it too, before you accuse me of being ignorant.

EDIT: just for the record, I never said Linux was unhackable, I said that it was hackable.

 

[Mountain Man]

Originally posted by pblse
Only reason Windows and MS software is targeted is that is the most widely spread, there have been numerous security hole sin open source software.

That's partly true. The other reason is that Microsoft's code is ridiculously full of security holes. I mean, they've known things like the Outlook buffer overflow exploit for years, yet they haven't fixed it!

Just recently there was the OpenSSL bug which affects all the open source webbrowsers and could lead to code execution by visiting a website in worst case scenario.

The thing with these kinds of things in open source software, the problem was found and fixed extremely quickly. Generally, security holes in open source code are often patched within hours of their discovery. Yes, open source software is not perfect, but its flaws are very quickly addressed.

And the user thing, sigh, do you know anything ? You can run as a restricted user on Windows as well, just that no one bothers with it.

It's my understanding that it doesn't matter if they do or not as hackers are able to make short work of Microsoft's swiss cheese security code.

 

[Netherscourge]

Originally posted by Dr-X
MrD, you're simply being ignorant and naive to believe that linux is unhackable. it has been done, it's not as difficult as linux boffin will have you believe.

I think he said the exact opposite dude.

 

[derby]

Originally posted by Netherscourge
I hate it when people say Linux and MacOS never get hacked or viruses - Why? Is it for better code or security? No...

It's because hackers have no interest in hacking Operating Systems that no one uses! If the overwhelming majority of people in the world are running Windows OS, guess where the hackers set their targets?

Actaully over a third of computers use POSIX OSs (linux, mac, UNIX etc), a lot of very important websites (even microsoft, which clearly has no confidence in it's own products) use UNIX servers, so the operating system is a prime target for hackers. The reason people use it is because it is more secure (according to industry experts as well as empirical data) than windows. It is not perfect, there have been expoloits in the past but very few of them, and they've been fixed quickly.

Remember the PING of death that was bringing down servers in the 90s? All OSs were succeptable (yes even Linux) but, there was a patch out to gaurd against the attack for Linux with in a few hours SUN got a patch out for Solaris within a week but it tool microsoft six months to fix thier sever OS.

Originally posted by Netherscourge
I GUARANTEE if Linux and/or MacOS was as popular as Windows, they would get butchered too - perhaps even worse, because atleast Microsoft has alot of experience now trying to fight off hackers and close security leaks.

What you say makes no sense the ratio of UNIX security holes to MS security holes is nothing like the ratio of UNIX machines to MS machines. I'm afraid your guarantee is not worth anything. Sorry.

 

[Mountain Man]

at least Microsoft has alot of experience now trying to fight off hackers and close security leaks.

Or at least they have experience being brought down to their knees by security exploits. Unfortunately, they don't seem to have much practice actually fixing the problems.

 

[MooCow]

Security issues aside the fundamental point here is that you can't develop for directx on linux machines, by going with directx valve had no choice but to produce a large amount of the code on windows machines.

 

[jabberwokk]

Half Life can be ported

half Life does support opengl which runs on nearly everything. granted directx also includes sound, media, etc... but they can be easily replaced with there equivilents (opengl,openal,sdl,etc...).

 

[Cander]

what really needs to be answered is wether or not valve was using a firewall and adminsitered it correctly.

 

[jabberwokk]

A proper firewall can only stop so much! Currently I don't know of any that stop people from using MS Outlook. Considering the amount of open security bugs and the state of other mail/groupware software, I don't know why people still use Outlook in areas which need to be secured or mission critical.

 

[TripleDES]

Originally posted by derby
even microsoft, which clearly has no confidence in it's own products

Get your damn facts straight, stupid. MS hired Akamai to mirror their static contents, and Akamai runs Linux, that easy. All dynamic contents run on Windows 2003 and IIS6. And dont even try to show me Netcraft stats, because they probed mostly only the Akamai servers.